07-21-2010 05:36 PM
I have a request from application group (SugarCRM environment) and They want to restrict access to /admin URL path to specific IP clients. I believe I can leverage my ServerIron ADX to achieve this but I need some guidance
07-22-2010 08:51 AM
This is definitely possible using CSW Policies and ACLs. Here is a simple example of how.
Define your CSW-Policy based on the parameters you want to watch for. In this example we’ll use the folder “admin”
csw-rule r1 url prefix “/admin”
Next you set the actions for your policy to redirect all traffic to this section of the site to a different port. In this case we’ll be using port 8080
csw-policy p1 match r1 redirect www.site.com/admin 8080
Make sure you bind your ports to the Real Server and VIP servicing the real. Also, be sure to apply your csw-policy to the VIP.
server real rs1 10.10.10.1
port http keepalive
port 8080 keepalive
server virtual vip1 188.8.131.52
port http csw-policy p1
bind http rs1 http
bind 8080 rs1 8080
The final step is to setup an ACL to set the permission you want for this specific folder. In our example we’re putting a very basic ACL to deny all traffic that doesn’t come from 10.10.10.2
access-list 103 permit tcp 10.10.10.2 8080
access-list 103 deny all all
Summary: This is only a small example of the types of permissions and setting you can put into place using csw redirects and ACLs
I hope this helps.